Cybersecurity

How Safe Are Apps on The App Store?

Natalie Zhu

8 min read
How safe are apps on the app store?

The wonderful world of apps can make our lives, work, and studies significantly easier. Our phones, tablets, or computers have many apps, ranging from photography, self-help, fitness, social media, and video games.

However, some mobile apps are more safe than others.

Although the app store rigorously tests its apps to ensure they function correctly and are free from harmful software, some third-party apps can still sneak onto the platform that can steal user data or harm their devices. Apple can take them down if you report them for violating their policies.

Therefore, we will look at how you can avoid downloading harmful apps on the app store to protect your data and your devices.

Table of contents

App store security

As with all software we download on our devices, some apps can still negatively impact system security, stability, and user data if we’re not careful. However, before an app is available to download, Apple audits it using these security protocols.

1. App review process

Apple has a rigorous app review process. Submitted apps are scanned for malicious code, security vulnerabilities, and compliance with App Store guidelines. Developers are given a set of policies and tools to ensure their apps comply with these security standards.

Once submitted, developers sign a unique certificate issued by Apple to confirm the app’s authenticity and that it hasn’t been tampered with by external parties.

2. Sandboxing

Sandboxing is a process that restricts app access to the device's resources and other apps. It isolates the app from everything to ensure it works properly and is secure without affecting anything else.

Sandboxing also restricts app-to-app communication to prevent it from interacting with other apps, limiting the spread of malware or stealing user data.

By implementing app sandboxing, Apple can ensure a more secure and stable environment for users and significantly reduce harmful apps downloaded from the app store.

3. Secure Enclave

Apple uses a dedicated hardware component to protect your most sensitive information.

Your biometric and facial recognition data is stored on a separate chip on your device and contains cryptographic keys that encrypt and decrypt your data. As this data is encrypted on an individual device, it is almost impossible for hackers to access it.

When you run an app on your device, the secure enclave ensures only trusted, authorized software loads.

Internxt is a cloud storage service based on encryption and privacy.

4. Data access permissions

Apps need permission to access data on your device, like location, photos, or contacts. You are free to choose what data you give to apps to prevent them from accessing data you don’t want to give them.

However, it’s important to occasionally check your app settings to ensure you have the permissions you want and that the app didn’t change these during recent updates.

5. Security updates

Apps will regularly release updates to patch vulnerabilities or to add new features. Keeping your apps updated is essential for your phone security. Downloading an app but not updating it regularly can lead to hackers exposing previous security issues from an out-of-date app.

6. Report unsafe apps

Apple provides ways for users to report suspicious apps or activities. These reports are investigated, and if necessary, Apple can take action to remove the app from the App Store.

To report an unsafe app, follow these steps:

  1. Open the App Store app on your iPhone or iPad.
  2. Locate the suspicious app. You can search for it or find it in your purchase history.
  3. Scroll down to the information section for the app.
  4. Tap "Report a Problem."
  5. Choose "Report a Scam or Fraud" (or the most relevant option).
  6. Briefly describe the suspicious activity in the text box (optional).
  7. Tap "Submit."
Internxt Password Generator secures your account with powerful passwords.

How safe are apps on the app store with the new update?

iOS 17.4 is now available for the iPhone SE up to the new iPhone 15. With this update, new services are available for users within the European Union. These updates include lifting previous limitations on third-party browsers and a third-party app store Apple calls “alternative app marketplaces.”

This change actually helps developers of smaller apps because Apple takes a lower commission than the official app store. However, this store is only available to European customers. If you visit Europe, you can download an app from the alternative marketplace and continue using it if you leave.

The downside of this is that after 30 days, you will not be able to update the app. This poses a huge security risk for web browsers, as they are often the target of malware and malicious websites.

The benefit of a third-party app store allows iPhone users to download apps that Apple previously wouldn’t allow on its store, such as video game emulators and anti-virus apps, which Apple banned in 2015.

There is also a potential for more scam apps and other apps that could detriment your online privacy.

Safety concerns of third-party apps

There are many things to consider when downloading files to your device, but even more so if you do so outside the official provider.

Downloading an unofficial app could appear legitimate at the time of review, but it can begin to show self-modifying behaviour that the official app store prohibits. What this means is that an app may appear legitimate at first, but later the app's behaviour changes and slowly reveals harmful functions.

This delayed reveal tactic could expose your smartphone to features not mentioned in the original description. For example, downloading a photo editor app may later reveal aggressive adware, bombard you with notifications, or gain permissions to track and upload your data without your knowledge.

Although a third-party app store may have more risks for people wondering how safe the apps on the app store are, the official app store has made some security blunders.

Previous examples of unsafe apps on the app store

Despite Apple’s attempts to prevent malicious apps from making their way  on the app store, these are some examples of when Apple failed to prevent harmful apps from being available for download.

Internxt online privacy eBook helps you stay safe online.

1. Fake password manager app

Back in February, Apple allowed a fake version of the LastPass password manager to be added to their store. LastPass posted an article warning people about the fake app, and users left reviews in the comments warning people that it is probably a scam to try and steal passwords.

The scam app was developed to mimic the LastPass icon design and used a common technique in phishing that makes subtle changes to the name that users may overlook. In this case, the developer's name was LassPass with a double s.

The app would show up if you searched for LastPass, and Apple would suggest it if you mistakenly typed LassPass. Given that passwords are a vital defense to our accounts, its truly concerning Apple let this app on their store for so long.

As always, the best way to protect your passwords is to add Two-Factor authentication in case your password is being attacked or compromised.

2. Unofficial financial loan apps

Apple has also faced issues with financial loan apps that legal vendors didn’t develop. In India, for example, Apple removed unethical apps that users complained asked for unnecessary access to contacts and media and charged high-interest rates and processing fees.

If users couldn’t pay, they were harassed, and their privacy was threatened with threats of creating fake pictures of the user or reaching out to their personal contacts.

Apple banned these apps because they violated the license agreement by falsely claiming they were connected to finance institutions.

Internxt Virus Scanner helps you to avoid malware in your files.

3. Fleeceware

Fleeceware is a type of mobile application that uses scam tactics to trick users into paying more than an app is worth. Fleeceware apps often have

  • Hidden fees
  • Fake reviews
  • Difficult methods to unsubscribe

Even if you delete the app, you may still be billed each month, and it can be problematic to cancel your subscription to the app. Fleeceware is often promoted on social media and is available for most popular topics, such as gaming, photo or document editors, or virtual instruments.

To avoid these scam apps, research the company and its developers and thoroughly examine user reviews before downloading. Be cautious of unclear pricing or subscription levels, and check how you can cancel your subscription before you choose to commit to any in-app purchases.

How to spot and avoid fake or harmful apps

If you are wondering how safe are apps on the app store are, there are a few things you can consider to avoid harmful apps from cybercriminals, whether they are on the official or third-party app store.

Consider following these steps so you can determine how safe the apps in the app store are and whether they are safe to download.

Check the reviews

Lots of negative reviews are a huge red flag for any app, so if it has low ratings and comments, consider another app. Even so, many apps can be filled with fake reviews that are overwhelmingly positive and any negative reviews are deleted.

If the reviews sound too good to be true, check around online to see what others say about the app before making your decision.

Check the logo, spelling, and grammar

As seen with the previous LastPass fake app, cybercriminals will try to mimic brand logos and names as closely as possible to trick people into downloading their scam app. Check out the name logo image quality, and also check the description for any spelling or grammar errors that may signal a fake app.

What to do if you download a fake app

If you accidentally download a fake app on your phone and are worried it may have given your mobile a virus, follow these steps

  • Delete the app from your phone
  • Restart your phone
  • Runn an antivirus
  • Report the fake app to the relevant app store to protect others

Internxt is a cloud storage service based on encryption and privacy.

Staying vigilant when downloading from the app store

Now we have answered the question of how safe apps in the app store are and learned how to spot fake or harmful apps. Although Apple has many processes in place to ensure apps are secure, as we have seen, some malicious apps still find their way to the app store.

If possible, before downloading an app, visit the official website to see if you can download the app directly from the official website.

With the new third-party app store in Europe, extra vigilance is required to ensure what you are downloading is safe. Whether there will be additional issues with these third-party apps remains to be seen, so staying up to date on cybersecurity topics is equally important.

Whatever platform you choose to download your apps from, ensure you know as much information as possible about the developers, permissions, company, and security updates before downloading anything.

Protect your privacy with Internxt